naak Inc. Privacy Policy 

  1. INTRODUCTION. naak inc., a Delaware corporation (“us,” “we,” “our,” “naak” or “Company”) is committed to respecting the privacy rights of the Users of its Services. We created this privacy policy (“Privacy Policy”) to give you confidence as you visit and use the Services, and to demonstrate our commitment to fair information practices and the protection of privacy. This Privacy Policy is only applicable to the Company’s Services, as made available primary via naak Connect, and not to any other websites that you may be able to access from naak, each of which may have data collection, storage, and use practices and policies that differ materially from our Terms of Use and this Privacy Policy. Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use. By opting-in to our Newsletters or purchasing our Services, you agree to the collection and use of information in accordance with this Policy. 
  2. INFORMATION COLLECTION PRACTICES. 2.1 Types of Information Collected. 

(a) We may track and collect the following categories of information when you visit our Site: (1) IP addresses; (2) domain servers; (3) types of computers accessing the Site; and (4) types of web browsers used to access the Site (collectively “Traffic Data”). Traffic Data is anonymous information that does not personally identify you but is helpful for marketing purposes or for improving your experience on the Site. We also use “cookies” to customize content specific to your interests, to ensure that you do not see the same advertisement repeatedly, and to store your password so you do not have to re-enter it each time you visit the Site (see Section 4 below). (b) In order to become an End User, Limited Administrator, or Unlimited Administrator (as defined in the Terms of Use), you may be required to provide us with certain information that personally identifies you (“Personal Information”). Personal Information includes but is not limited to your name, e-mail address, phone number, and physical address (“Contact Data”) and credit card and billing information (“Financial Data”). In the event you process a credit card transaction to purchase Services, we will collect the date and amount of each order, which will be associated with the last four digits of the credit card you utilized (collectively, “Transaction History”). (c) In order to provide Services to Users, we may also collect usage data such as past and ongoing information about your energy consumption, energy production, energy storage, and other energy related information that may be useful to delivering the subscribed services, or creating new service offerings (“Usage Data”) and data such as your IP Address when you use the naak Connect or user interface (“Log Data”). If you communicate with us by e-mail or upload User Content pursuant to naak’s Terms of Use, any information provided in such communication shall be deemed “Suggestions.” 2.2 Uses of Information Collected. 

(a) We use Contact Data to (i) provide Newsletters to Users who opt-in, (ii) to create and manage accounts for Users, (iii) provide customer service to Users, (iv) analyze our Users’ usage of our Services, (v) send Users information about the Company and its Services, and (vi) contact Users for other legitimate business purposes, (b) We use Usage Data to (i) send users suggestions on how they can further reduce their energy consumption and save more (ii) offer additional hardware, accessories or upgraded service offerings to further their benefit received with their platform subscription 

(c) If you purchase a license directly from the Company, we collect Financial Information to charge Users for the Paid Services ordered, but we do not store or retain any of your Financial Information, except for the last four digits of your credit card. Your Financial Information is processed directly by the applicable third party processor through an API integration. (d) We collect your Transaction History so that we can accurately track the purchases you have placed and answer any questions you may have in connection with any charges made to your credit cards. (e) We collect Traffic Data for the purpose of providing and improving the Service. (f) We collect Usage Data to analyze energy consumption. (g) We collect Log Data for the purpose of providing and improving the Service, and to advertise to you through re-remarketers. (h) We may link or combine the Personal Information we collect and/or receive about you and the Traffic Data we collect automatically during your visit to our website or use of certain of our Services. This allows us to provide you with a personalized experience and helps us to continually work to improve our Services. 2.3 Retention of Information Collected. We will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for our provision of the Services, the purposes of our accessed legitimate business interests, and satisfying any legal or reporting requirements. For clarity, retention periods may be extended if we are required to preserve your information or data because of litigation, investigations and other similar proceedings, or if a longer retention period is required or permitted by applicable law. 2.4 Third Party Data Processors. 

(a) naak engages certain third parties that may process data submitted to naak to perform certain business-related functions and to increase the functionality of our Services. For example, we use third parties for credit card processing and shipping purchases in the provision of our Services. Third party companies provide various other services to us, such as monitoring and analyzing how our Services are used or performing. When we engage another company to perform such functions, we may provide them with information, including Personal Information and Traffic Data in connection with their performance of such functions. These third parties may analyze the data we provide, combine that data with publicly available data, and provide us with access to their analysis and reports. The chart below lists our third party data processors, a description of the service they provide, types of Users from whom the processors may process data, and the type of data processed by each processor. The chart may be updated by naak from time to time: 

Types of Users Categories of Data 

Third Party Processors End User 

Limited Administrator 

Unlimited Administrator 

Traffic Data 

Contact Data 

Financial Data Google LLC (for analytics) X X X X WordPress (website) X X X X 

Stripe (for payment processing) 

(only when purchasing directly from naak) X X 

The Rocket Science Group DBA Mailchimp (for Newsletters) X X X 

(b) To the extent these third parties have access to any of your data, and especially your Personal Information or a combination of data that is deemed to be personally identifiable, please know that they are contractually (i) limited to only use this data to perform specific tasks on our behalf and (ii) obligated not to disclose or use your information for any other purpose. (c) For your information, Google LLC recommends installing the Google Analytics Opt- out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://www.google.com/intl/en/policies/privacy/ 2.5 Additional Controllers. 

(a) Users that have purchased licenses from a Third-Party Reseller (and not from the Company directly), are managed directly by that Third-Party Reseller, which has full unrestricted access to all data provided in connection with a User’s use of naak Connect. Users should contact their Third-Party Reseller directly to obtain their privacy policies. (b) All User, Limited Administrator and Unlimited Administrator data is shared directly with CarbonTRACK PTY LTD (“CarbonTRACK”), the licensor of the naak Connect technology. CarbonTRACK can be contacted directly at 104 Burwood Road, Hawthorn, Victoria 3122, Australia, to obtain their privacy policies. 

  1. YOUR RIGHTS AND THE COMPANY’S LEGAL BASIS FOR COLLECTING PERSONAL 

INFORMATION. 3.1 User Rights. Users who wish to correct, update, change, or erase the Personal Information they submit to Company may do so through their account or by contacting the Company in writing. 3.2 Information Requests. Upon request, we will provide you with information about whether we hold any of your personal information. Again, you may access, correct or request deletion of your personal information by logging into your account, or by contacting us. We will respond to your request within 30 days. 3.3 The Company’s Legal Basis for Processing Your Personal Information. We process Personal 

Information of our Users for the following reasons: (a) Processing Personal Information is necessary for entering into and performing a contract with you. In order to perform obligations that we undertake in providing a Service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your Personal Information. (b) Processing Personal Information is necessary for the purposes of our legitimate business interests. Either we, or a third party, will need to process your Personal Information for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Personal Information protected. Our legitimate interests include responding to requests and inquiries from you or a third party, optimizing our website and customer experience, optimizing our managed energy services modules, informing you about our 

products and services and ensuring that our operations are conducted in an appropriate and efficient manner. (c) Processing Personal Information is necessary to obtain your consent. In some circumstances, we may ask for your consent to process your Personal Information in a particular way. To the extent that we are processing your Personal Information based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us through the methods provided below. 

  1. USE OF COOKIES AND OTHER TECHNOLOGIES. 4.1 Use of Cookies. The Company reserves the right to use “cookies” to enable you to sign in to our services and to help personalize your online experience. A cookie is a small text file that is placed on your hard drive. Cookies contain information, including Personal Information that can later be read by a web server in the domain that issued the cookie to you. The information that cookies collect includes the date and time of your visit, your registration information, session identification number and your navigational history and preferences. 4.2 Reason for Cookies. Cookies offer you many conveniences. They allow us to identify registered Users when they return to the site so that they can retrieve previous image search results and view their previous account balances. Cookies also save you time by eliminating the need to repeatedly enter the same information. 4.3 Third Party Use of Cookies. In some cases, our third-party service providers may use cookies on our sites. We have no access to or control over these cookies. This Privacy Policy covers the use of cookies by the Company only, and does not cover the use of cookies by third parties. 4.4 Accepting and Declining Cookies. You have the ability to accept or decline cookies. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies. If you choose to decline cookies, you may not be able to sign in or use other interactive features of our sites and services that depend on cookies but you will be able to perform basic navigation through the site. 4.5 Other Tracking. In addition to cookies, we may use other technologies, including single-pixel gifs (also known as web beacons) on our websites and in promotional e-mail messages or newsletters. These tiny electronic images assist us in determining how many Visitors have visited certain pages or opened messages or newsletters. We do not use these images to collect Personal Information. 4.6 Do Not Track. The Company does not track its Users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. 
  2. COMMUNICATIONS. 5.1 Opting-Out. If you have opted-in to receiving Newsletters or purchased any of the Company’s Paid Services, we may use your Personal Information to contact you with Newsletters, marketing or promotional materials, and other information that may be of interest to you. You may also opt-out of receiving any, or all, of these communications from us by contacting osupport@naak.io r following the unsubscribe link or instructions provided in any email we send. Please note that opting-out will not prevent the Company from contacting Users regarding issues with your payment, your violations of the Terms of Use or Privacy Policy, notices required under the Terms of User or Privacy Policy, the termination of Services, or other valid business purposes related to the Services being provided. 

5.2 Compliance with Opting-Out. In compliance with the Controlling the Assault of Non- Solicited Pornography And Marketing Act of 2003, Company will honor User unsubscribe requests within ten (10) days of receipt of such request. 

  1. SECURITY OF YOUR PERSONAL INFORMATION. 6.1 Industry Standards. The security of your Personal Information is important to us. We follow generally accepted industry standards to help protect your Personal Information including without limitation: (a) limiting access to your Personal Information to those of our employees who require it to provide services to you; (b) requiring employees to sign confidentiality agreements to protect customer and other confidential information; (c) ensuring that third-party service providers sign confidentiality agreements to maintain the confidentiality of your Personal Information and not to use it for any unauthorized purposes; and (d) storing your Personal Information in secure computer systems which protect it from unauthorized access or use. 6.2 No Guarantee. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to protect your Personal Information, we cannot guarantee its absolute security. 6.3 Passwords. If a password is used to protect your account and Personal Information, it is your 

responsibility to keep your password confidential. 6.4 Exceptions. Except as otherwise provided in this Privacy Policy, we will keep your Personal Information private and will not share it with third parties, unless such disclosure is necessary to: (a) comply with a court order or other legal process; (b) protect our rights or property; or (c) enforce our Terms of Use. 6.5 Lost or Stolen Information. You must promptly notify us if your username or password is lost, stolen, or used without permission. In such an event, we will remove that username or password from your account and update our records accordingly. 6.6 Public Information. naak may contain links to other websites. We are not responsible for the privacy practices or the content of such websites. In our sole discretion, we may also make comment sections available to you. Please understand that any information that is disclosed in these areas becomes public information. We have no control over its use and you should exercise caution when deciding to disclose your Personal Information. 

  1. LINKS. We may link to websites, including those of our subsidiaries and third-party content providers, which have different privacy policies and practices from those disclosed here. We assume no responsibility for the policies or practices of such linked sites, and encourage you to become acquainted with them prior to use. 
  2. SHARING AND TRANFERRING INFORMATION. 8.1 Our Right to Share Information In Certain Circumstances. We may share Personal Information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our terms of us or this Privacy Policy. This may include sharing information with other companies, lawyers, courts or other government entities. 

8.2 Transfers of Information Across International Borders. To facilitate naak’s global operations, we may store, transfer and access the information and Personal Information you submit to the Company around the world, including the United States, Canada, Australia and other countries in which naak or its third party service providers have operations. This Privacy Policy shall apply even if naak transfers such information or personal data to other countries. By consenting to this Privacy Policy and using our Services (or, for the avoidance of any doubt, providing Personal Information to the Company in any context), you consent to the transfer of your information and Personal Information among these facilities, including those located outside your home country. 8.3 Data Transferred to Unites States and Australia. For the avoidance of any doubt, if you are located outside United States and choose to provide information to us, please note that our current practice is to transfer the information, including Personal Information, to the United States and Australia. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. 8.4 Complaints. If you live or work in the EU, you are also entitled to lodge a complaint with your applicable supervisory authority. A list of relevant authorities in the EEA and the European Free Trade Area can be accessed here: https://edpb.europa.eu/about- edpb/board/members_en. 

  1. YOUR CALIFORNIA PRIVACY RIGHTS. As already stated elsewhere in this Privacy Policy, and in accordance with California Civil Code Section §1798.83, please know that naak does not disclose personal data collected on the Service to third parties for their direct marketing purposes. (California Civil Code Section § 1798.83 permits users of a website that are California residents to request certain information regarding the disclosure of personal data to third parties for their direct marketing purposes). 
  2. CHILDREN’S PRIVACY. Only persons age 18 or older have permission to access our Service. We do not knowingly collect personally identifiable information from children. If you are a parent or guardian and you learn that your child has, somehow, provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child, we take steps to remove that information from our servers. 
  3. YOUR CANADIAN PRIVACY RIGHTS. For our Canadian users, please know that this 

Privacy Policy is made under the Personal Information Protection and Electronic Documents Act. It is a complex Act and provides some additional exceptions to the privacy principles that are too detailed to set out here. There are some rare exceptions to the commitments set out above. For more general inquiries, the Information and Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The Commissioner also acts as a kind of ombudsman for privacy disputes. The Information and Privacy Commissioner can be reached at: 

Address: 112 Kent Street, Ottawa, ON K1A 1H3 Phone: (613) 995-8210 Toll-free: (800) 282-1376 Facsimile: (613) 947-6850 TTY: (613) 992-9190 Website: www.priv.gc.ca/en/ 

  1. EEA COMPLIANCE. 12.1 Compliance with EEA Requirements. If you are located in the European Economic Area (“EEA”), we will comply with applicable legal requirements providing adequate protection for the transfer of Personal Information to recipients in countries outside of the EEA, including the USA. In all such cases, we will only transfer your personal data if: (a) The country to which the personal data will be transferred has been granted a European Commission adequacy decision; (b) The recipient of the personal data is located in the U.S. and has certified to the EU- U.S. Privacy Shield Framework; or (c) We have put in place appropriate safeguards with respect to the transfer, for example the EU Model Clauses. 12.2 Safeguard Requests by EEA Users. If you are located in the EEA, you may request a copy of the safeguards that we have put in place in respect of any applicable transfers of personal data by contacting us as described in Section 14 below. 12.3 EEA User Rights. If you are located in the EEA, you may have the following rights in respect 

of your Personal Information that we hold: (a) Right of access. The right to obtain access to your Personal Information along with certain information. (b) Right of portability. The right to receive your Personal Information in a commonly used format and to have it ported to another data controller. (c) Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete. (d) Right to erasure. The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or processed. (e) Right to restriction. The right to obtain the restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the Personal Information is contested by you, for a period enabling us to verify the accuracy of that Personal Information. (f) Right to object. The right to object, on grounds relating to your particular situation, to the processing of your Personal Information, and to object to processing of your Personal Information for direct marketing purposes, to the extent it is related to such direct marketing. 12.4 Exercising Rights. For additional information, assistance with any problems accessing your information or if you wish to exercise one of these rights set forth in Section 12.3, please contact us at support@naak.io 

  1. CHANGES TO THIS PRIVACY POLICY. We reserve the right to change the terms of this Privacy Policy at any time. Such revisions shall be effective immediately upon posting the revised Privacy Policy. We encourage you to review this policy whenever you visit our site. 
  2. CONTACT US. If you have any questions about this Privacy Policy, please contact us at 

support@naak.io